Municipality Exposure Makes the Case for Advanced Challenge-Response Authentication and Virtual Air Gaps

Kevin Peterson | 02/12/2021

Water treatment and sewage treatment plants are arguably the most vulnerable critical infrastructure in the United States.

Smaller municipalities especially have little protection and no cybersecurity expertise, yet remote operator and vendor access is prevalent in every one of these systems.

What is the Compromise?

Using hosted remote access portals with passwords as the gating security challenge means anyone can potentially gain visibility into these systems. It’s a low-tech attack, and these portals are usually coupled with an internal “jump box”, meaning that once through the login phase an attacker is fully inside the network and can discover and manipulate any of the control systems and PLCs. In most cases these login/password combinations are shared among multiple users, with no way to authenticate or audit who is really using the system or where they are coming from.

To exacerbate the problem, this kind of remote access is a legitimate solution that many vendors and manufacturers supply under contract to operators, which obscures activity that would otherwise be easily detected as anomalous. An FBI Private Industry Notification, following the recent compromise of a Florida water treatment facility, notes how an enhanced attack allows cyber actors to additionally drop malware and execute remote control similar to Remote Access Trojans.

The Current Response

In the case of cyber-physical systems such as those found in municipalities, we hope that redundancies in the system would eventually have alerted operators that something was wrong, limiting the effect to just disruption and cleanup. But even that outcome is time-consuming, costly and likely to have a dramatic human effect; in this recent case it would at minimum have caused disruption of available water to thousands of residents.

Immediate Action Required

In a previous blog post referencing CISA guidance, Bryan Skene stated that "only a centralized, cross-vendor security policy infrastructure with cleanly stated access policies" can mitigate our current vulnerable and porous security stance, created by stovepipe and patchwork security additions that have built up over time.

From a central system, access can easily be created to specific points, monitored and audited. A clean, clear centralized store of whitelist policies to access otherwise invisible network hosts and assets provides the most advanced and easy-to-manage infrastructure for organizations going forward. The security infrastructure itself ensures that communication to outside command and control is impossible, and the OT network itself is impervious to lateral movement and reconnaissance by an attacker.

Tempered Networks Airwall

A Tempered approach to cybersecurity in municipalities facilitates a simple “drop-in” overlay based on zero trust and a default no-privilege model. Each Tempered Airwall has a unique allocated cryptographic ID, which can be enhanced with modern challenge-response authentication mechanisms. Remote access to internal systems cannot be gained unless all such identifying and authorization criteria are in alignment. After multi-factor authentication, specific policies enforce micro-segmentation, and even time-of-day attributes, so that only a single system or group of systems can be accessed, specific to discrete user roles.
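To make the contrast with a shared portal password concrete, here is an added Python example (not Tempered's code and not a description of how Airwall is implemented) of a default-deny gate that combines a per-identity challenge-response proof with a host allow-list and a time-of-day window, and attributes every decision to a named identity. It assumes an HMAC over a per-identity secret as a stand-in for the cryptographic ID; the identities, keys, host names and hours are constructed.

```python
import hashlib
import hmac
import secrets
from datetime import datetime

# Constructed sample data: one secret per identity (no shared login) and an
# allow-list naming the only hosts and hours each identity may reach.
KEYS = {"operator-7": b"constructed-key-op7", "vendor-2": b"constructed-key-v2"}
POLICY = {
    "operator-7": {"hosts": {"plc-chlorine-1", "hmi-main"}, "hours": range(6, 18)},
    "vendor-2": {"hosts": {"plc-pump-3"}, "hours": range(9, 12)},
}
PENDING = set()  # challenges issued and not yet consumed
AUDIT = []       # (time, identity, host, decision) for every request


def new_challenge() -> bytes:
    """Issue a fresh single-use nonce so a captured response cannot be replayed."""
    challenge = secrets.token_bytes(16)
    PENDING.add(challenge)
    return challenge


def respond(key: bytes, challenge: bytes) -> bytes:
    """Client side: prove possession of the key without ever sending it."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def authorize(identity, challenge, response, host, when: datetime) -> bool:
    """Default deny: allow only if proof, host and time of day all line up."""
    fresh = challenge in PENDING
    PENDING.discard(challenge)  # consume the nonce whether or not it succeeds
    key = KEYS.get(identity)
    rule = POLICY.get(identity)
    proven = (fresh and key is not None
              and hmac.compare_digest(respond(key, challenge), response))
    allowed = bool(proven and rule and host in rule["hosts"]
                   and when.hour in rule["hours"])
    AUDIT.append((when.isoformat(), identity, host, "ALLOW" if allowed else "DENY"))
    return allowed
```

Because access is decided per identity and per host, a valid vendor proof still cannot reach a PLC outside that vendor's allow-list, and the audit trail shows who asked for what and when.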
